About two years ago, I joined OpsRamp. We are a startup working on building the monitoring stack for companies with hybrid infrastructure, in other words companies with both on premise and cloud based servers. Soon after I joined, I was tasked with building the REST API to power our new…

Update (Aug 11, 2020): This post has been the #1 post on /r/netsec for the last 15 hours or so. Follow the discussion in /r/netsec here and in /r/cybersecurity here. A couple weeks ago, I read Martin Casado’s blog post about a16z funding a new startup called Material Security. Reading…

You, a security consultant, wake up in medieval Europe. You’ve been hired by a feudal lord, who has inherited a castle, some land, and a couple serfs, and is looking to secure his property. …

In March of this year, I saw on Hacker News that Netflix had open sourced a tool called riskquant. I’d been toying with the idea of quantifying cybersecurity for a while myself. A thought experiment I started with the belief that if you could assign a number, from 0 to 100, to describe…

The goal of risk quantification is to express cybersecurity risks using numbers, instead of qualitative labels. By doing this, the hope is you can more easily prioritize between different security initiatives, and track changes in your risk posture at a more granular level. How is risk calculated? Say you’d like to quantify the risks…

I have a lot more blog posts like this I plan to write. If you like this, follow me on Twitter to make sure you don’t miss any. Think about the most complex frontends you’ve used. Frontends that made you wonder — “how did they create this”? Here are some…

Using honeynets to learn your attackers’ motives, skill level, TTPs, and determination — Many CISOs have a vague understanding of their organization’s threat landscape from reports like Verizon DBIR, previous security incidents, and threat intel. To be fair, not understanding your attackers is probably fine. Your defenses should be based on the sophistication level of the adversaries you’re defending against. …

Capabilities organizations should have to respond to security incidents in corporate networks — Most security tools help you either prevent, detect, or respond to attacks. Response, in my opinion, consists of containment, investigation, and remediation. In this post, I’ll list some useful capabilities for containing, investigating, and remediating attacks. Containment Quarantine an endpoint. This can be done by moving the endpoint to an isolated…